1. COMMENTARY

STAYING AHEAD IN THE SECURITY GAME

(contributed by Brian Moran, news editor, brianm@crosstier.com)

Have you applied the latest SQL Server security patch? And how can you stay on top of all the security fixes coming down the pike from Microsoft and other sources? Security is an important topic in IT regardless of which technologies you specialize in, and lately I've been thinking about SQL Server security quite a bit. I'm planning to weave security discussions into my SQL Server UPDATE commentary during the next several weeks. But this week, I tell you about the most recent security patch from Microsoft, available online at the following URL, and one way you can stay abreast of Microsoft security patches. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/mS02-020.asp

Trying to keep the intruders out without keeping on top of the latest security announcements is like playing video games against a Microsoft Xbox master who knows the secret codes that you don't know. The odds aren't fair, and you'll probably end up dead. The HotFix & Security Bulletin Service will ensure that you have the latest security information from Microsoft. Computer systems will always have undetected security vulnerabilities, and we'll always have intruders. It's the nature of the game. The trick is to be vigilant and proactive in your approach to security management.

SPONSOR: SQL SERVER MAGAZINE - NO RISK OFFER!

Hands-on, how-to articles covering Database Modeling, ADO.NET, XML, Performance Tuning, Security and all of the issues database developers and administrations need to know to manage SQL Server. Subscribe to SQL Server Magazine with this NO RISK offer and, if for any reason, you are not satisfied with your first issue, just write cancel on the invoice and return it to us. Keep the first issue with our compliments - no questions asked. Subscribe today at:http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ01yA0AZ

2. SQL SERVER NEWS AND VIEWS

RESULTS OF PREVIOUS INSTANT POLL: BETA PROGRAM PARTICIPATION

The voting has closed in SQL Server Magazine's nonscientific Instant Poll for the question, "Has your company participated in Microsoft SQL Server beta programs?" Here are the results (+/- 1 percent) from the 192 votes:

Need 24 x 7 Availability?
High-availability networks, systems, and applications are critical to every business. Sign up for our (free!) Webinar taking place on May 14 (sponsored by MKS), and find out how to achieve 24 x 7 availability on Windows 2000. Windows & .NET Magazine author Tim Huckaby shares his expertise on load balancing, monitoring, and more. Register today!http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0qQh0Ac

3. ANNOUNCEMENTS

IMMEDIATE ACCESS TO T-SQL SOLUTIONS!

Exclusive in-depth articles, tips, tricks, and code samples all at your fingertips. Content you can't get anywhere else—brought to you by the SQL Server experts you trust such as Kalen Delaney, Itzik Ben-Gan, and others. Increase your productivity today! Go to the following URL.
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ0Kqz0Ao

ARE YOU WASTING TIME SEARCHING FOR SQL SERVER ANSWERS?

The SQL Server Magazine Master CD gives you realtime, high-speed access to all the articles, code, and expertise from every issue of SQL Server Magazine ever published. Unique search features let you find what you need fast. Order your copy today!
http://lists.sqlmag.com/cgi-bin3/flo?y=eLya0CFYDW0BRZ01yB0Aa

5. RESOURCES

WHAT'S NEW IN SQL SERVER MAGAZINE: QUERY ANALYZER SHORTCUTS

As a SQL Server DBA, you probably use Query Analyzer every day to analyze SQL statements. In his article "Query Analyzer Shortcuts," SQL Server Magazine Senior Technical Editor Michael Otey shows you how to speed the process by using seven keyboard shortcuts that make Query Analyzer a more effective and productive tool. The article appears in the May 2002 issue of SQL Server Magazine and is available online at the following URL:
http://www.sqlmag.com/articles/index.cfm?articleid=24349

Q. In the June 2001 issue of SQL Server Magazine, you mentioned that to avoid recompilations, thereby improving performance, you can "try coding the object owner for referenced tables, views, and procedures inside your stored procedures" when submitting a query (e.g., select col1 from dbo.table1). Does SQL Server recompile if two tables with the same name exist in the database (e.g., dbo.table1, fred.table1)? Further, does SQL Server recompile the stored procedure if only dbo.table1 exists in the database.

A. SQL Server recompiles a stored procedure or a cached query plan even if only one table1 exists, because through the recompilation process, SQL Server checks the catalog for the appropriate object that the connection context issuing the query should use. When you don't qualify the owner name, SQL Server enters the compile code and acquires a COMPILE lock on the procedure. SQL Server eventually determines that a new plan isn't required, so at that point, SQL Server doesn't recompile the plan. However, when SQL Server takes the extra step of acquiring a COMPILE lock on the procedure, in situations of heavy load, blocking can occur. For more details about blocking contention, see the Microsoft article "INF: SQL Blocking Due to COMPILE Locks" ( http://support.microsoft.com/default.aspx?scid=kb;en-us;q263889).

Qualifying the table or view and the columns you use is also good practice. Qualifying those entities ensures that the query will continue to work as you expect—even if the underlying tables are altered—because the code explicitly names the tables that hold the columns you need. Otherwise, adding mycol1 to Table2 would cause a namespace clash and break the query. The following code snippet qualifies a table and columns:

SELECT a.mycol1, b.othercol1
FROM dbo.Table1
AS a INNER JOIN dbo.Table2
AS b ON a.myid=b.otherid

Send your technical questions to questions@sqlmag.com.

6. NEW AND IMPROVED

(contributed by Carolyn Mascarenas, products@sqlmag.com)

SIMPLIFY SQL SERVER TASKS

Red Diamond Software announced DBA Toolkit 2.0, a collection of tools that make routine SQL Server tasks easy for DBAs. The product includes features such as JobStyles, which lets you define backup procedures; JobScheduler, which provides a graphical calendar view of job schedules; and DataScripter, which creates SQL insert statements from your data. The ScriptLibrary feature lets you organize existing scripts and store procedures in user-defined categories. For pricing, contact Red Diamond Software at 303-229-5258.
http://www.reddiamondsoftware.com